What about implementing an automatic IP blacklist into BPS Pro? Would this even be meaningful in your opinion? And what would you expect related to site performance while thousands of IP’s are being checked due to the according rules?
Blocking by IP address is problematic and not efficient for many reasons. The way BPS security rules work is that they block by “bad action” instead of blocking by IP address. Example: Hacker X attacks a website with bad action Y (attack) and is blocked by BPS security rule Z. It is very common for hackers and spammers to have and use many different IP addresses. For example, we tested blocking by IP addresses many years ago and found that a group of Chinese spammers had thousands and probably millions of IP addresses that they could switch to if we blocked any of their IP addresses > https://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/